Integration of formal fault analysis in ASSERT: Case studies and lessons learnt

International audienceThe ASSERT European Integrated Project (Automated proof-based System and Software Engineering for Real-Time systems; EC FP6, IST-004033) has investigated, elaborated and experimented advanced methods based on the AltaRica language and support tool OCAS for architecture and fault approach propagation description analysis, and integrated in the complete ASSERT process. The paper describes lessons learnt from three case studies: safety critical spacecraft, autonomous deep exploration spacecraft, and civil aircraft

Integrated modeling of advanced optical systems

This poster session paper describes an integrated modeling and analysis capability being developed at JPL under funding provided by the JPL Director's Discretionary Fund and the JPL Control/Structure Interaction Program (CSI). The posters briefly summarize the program capabilities and illustrate them with an example problem. The computer programs developed under this effort will provide an unprecedented capability for integrated modeling and design of high performance optical spacecraft. The engineering disciplines supported include structural dynamics, controls, optics and thermodynamics. Such tools are needed in order to evaluate the end-to-end system performance of spacecraft such as OSI, POINTS, and SMMM. This paper illustrates the proof-of-concept tools that have been developed to establish the technology requirements and demonstrate the new features of integrated modeling and design. The current program also includes implementation of a prototype tool based upon the CAESY environment being developed under the NASA Guidance and Control Research and Technology Computational Controls Program. This prototype will be available late in FY-92. The development plan proposes a major software production effort to fabricate, deliver, support and maintain a national-class tool from FY-93 through FY-95

Data re-engineering using formal transformations

This thesis presents and analyses a solution to the problem of formally re- engineering program data structures, allowing new representations of a program to be developed. The work is based around Ward's theory of program transformations which uses a Wide Spectrum Language, WSL, whose semantics were specially developed for use in proof of program transformations. The re-engineered code exhibits equivalent functionality to the original but differs in the degree of data abstraction and representation. Previous transformational re-engineering work has concentrated upon control flow restructuring, which has highlighted a lack of support for data restructuring in the maintainer's tool-set. Problems have been encountered during program transformation due to the lack of support for data re-engineering. A lack of strict data semantics and manipulation capabilities has left the maintainer unable to produce optimally re-engineered solutions. It has also hindered the migration of programs into other languages because it has not been possible to convert data structures into an appropriate form in the target language. The main contribution of the thesis is the Data Re-Engineering and Abstraction Mechanism (DREAM) which allows theories about type equivalence to be represented and used in a re-engineering environment. DREAM is based around the technique of "ghosting", a way of introducing different representations of data, which provides the theoretical underpinning of the changes applied to the program. A second major contribution is the introduction of data typing into the WSL language. This allows DREAM to be integrated into the existing transformation theories within WSL. These theoretical extensions of the original work have been shown to be practically viable by implementation within a prototype transformation tool, the Maintainer's Assistant. The extended tool has been used to re-engineer heavily modified, commercial legacy code. The results of this have shown that useful re-engineering work can be performed and that DREAM integrates well with existing control flow transformations

ASSERT: a step towards reliable and scientific system and software engineering.

International audienceThe ASSERT (www.assert-project.org) project (Automated proof-based System and Software Engineering for Real-Time systems) is an integrated project partially funded by the European Commission within the Information Society Technologies priority of the 6th Framework Program in the area of embedded systems. The project is coordinated by the European Space Agency (ESA) in the TEC directorate (Technical and Quality management), Software Systems division. The assert consortium is made of 28 partners (see the full list in section 7) representing the space industry, research laboratories, software houses and tool developers. The project started in September 2004 and has ended in December 2007. The main objective of ASSERT is to change the way system and software engineering is performed today to adopt a more reliable and scientific approach based on modelling, preservation of system properties and model transformation down to the final code.The current results include a process, a set of tool prototypes and case studies demonstrating the validity of the overall approach. The project results will now be disseminated in operational projects through the support of ESA, the tool and technologies providers and the industrialists from the space sector

On the mechanisation of the logic of partial functions

PhD ThesisIt is well known that partial functions arise frequently in formal reasoning about programs. A partial function may not yield a value for every member of its domain. Terms that apply partial functions thus may not denote, and coping with such terms is problematic in two-valued classical logic. A question is raised: how can reasoning about logical formulae that can contain references to terms that may fail to denote (partial terms) be conducted formally? Over the years a number of approaches to coping with partial terms have been documented. Some of these approaches attempt to stay within the realm of two-valued classical logic, while others are based on non-classical logics. However, as yet there is no consensus on which approach is the best one to use. A comparison of numerous approaches to coping with partial terms is presented based upon formal semantic definitions. One approach to coping with partial terms that has received attention over the years is the Logic of Partial Functions (LPF), which is the logic underlying the Vienna Development Method. LPF is a non-classical three-valued logic designed to cope with partial terms, where both terms and propositions may fail to denote. As opposed to using concrete undfined values, undefinedness is treated as a \gap", that is, the absence of a defined value. LPF is based upon Strong Kleene logic, where the interpretations of the logical operators are extended to cope with truth value \gaps". Over the years a large body of research and engineering has gone into the development of proof based tool support for two-valued classical logic. This has created a major obstacle that affects the adoption of LPF, since such proof support cannot be carried over directly to LPF. Presently, there is a lack of direct proof support for LPF. An aim of this work is to investigate the applicability of mechanised (automated) proof support for reasoning about logical formulae that can contain references to partial terms in LPF. The focus of the investigation is on the basic but fundamental two-valued classical logic proof procedure: resolution and the associated technique proof by contradiction. Advanced proof techniques are built on the foundation that is provided by these basic fundamental proof techniques. Looking at the impact of these basic fundamental proof techniques in LPF is thus the essential and obvious starting point for investigating proof support for LPF. The work highlights the issues that arise when applying these basic techniques in LPF, and investigates the extent of the modifications needed to carry them over to LPF. This work provides the essential foundation on which to facilitate research into the modification of advanced proof techniques for LPF.EPSR

The Amsterdam Toolkit for Language Archaeology

AbstractGRK — the Grammar Recovery Kit — illustrates options for automation and corresponding tool support in the context of developing quality language references that readily cater for the derivation of parsers.GRK provides the proof-of-concept for two notions: (i) semi-automatic grammar recovery; (ii) language-reference re-engineering. GRK's support for semi-automatic grammar recovery means that GRK can be used to obtain a relatively correct and complete as well as implementable grammar from a language reference. GRK's support for language-reference re-engineering means that GRK can be used to update the original language reference such that it reflects the completed and corrected grammar knowledge.As of today, GRK is particularly fit for Cobol archaeology, more specifically for IBM's VS Cobol II. That is, GRK offers a fully mechanised process, where IBM's reference is used as an input, and the output is a transformed language reference whose grammar portions are correct and complete. (The recovery required several hundreds of simple transformation steps in order to deliver a grammar that is fit for parser derivation.) As a byproduct, GRK also generates a slow, Prolog-based parser. Via export to GRK's sibling, GDK (the Grammar Deployment Kit), a reasonably fast, btyacc-based parser can be generated as well. Both parsers accept all of the VS Cobol II code that is at our avail (several millions of lines of code)

Towards an Extensible Architecture and Tool Support for Model-based Verification.

Model-based software engineering (MBSE) brings models to the center of software and system design. Models are powerful abstractions used to support all phases of the software development life cycle of complex software. As these models grow larger and their complexity increases, they need to be verified and validated to preserve their correctness. One possible way to do so is by means of the use of formal methods. However, the availability of MBSE tools with support for validation and verification is limited, and they usually require the cumbersome deployment of software burdened by dependencies, preventing the adoption of these tools. This paper presents a web-based architecture designed to support the definition of domain models and provide translation capabilities to different verification formalisms. As a proof of concept for our architecture, we have developed a tool prototype that is light-weight, runs in the browser and supports: (i) definition of domain models represented as class diagrams and (ii) partial translation of class diagrams into the Alloy specification language, enabling verification of structural domain properties. We show how we have used this tool to verify properties for the public bus management system in the city of Málaga, Spain.This work was partially funded by Universidad de Málaga (Campus Internacional de Excelencia), and the Spanish Government under projects PID2021-125527NB-I00 and TED2021-130523B-I00. Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech

Supporting requirement analysis through requirement rationale capture and traceability

Manufacturers of complex engineering systems are increasingly recognising the importance of identifying, understanding and satisfying stakeholders’ needs in order to produce high-quality products. The analysis of these needs into a formal requirement specification is a time consuming and complex process for which little support is offered to design engineers. This can result in requirements being poorly documented and with little or no traceability to their origins. This dissertation reports an investigation to understand the process of requirement analysis and develop computational support for this important phase of the engineering design process. The key argument of this research is that the existing practice of requirement analysis can be improved by providing better support for requirement rationale capture and enabling greater requirement traceability. The research consisted of three main phases. In the first phase, literature related to the requirement analysis was reviewed and led to the creation of a requirement analysis model. In the second phase, the practices of a global engineering organisation were investigated using document analysis as well as interviews with and shadowing of company engineers. The research found that requirement analysis lacks support for requirement rationale capture and traceability. On the basis of this result, a workflow for requirement analysis was proposed. The workflow involves the use of the Decision Rationale editor tool to capture requirement rationale and enable requirement traceability. In the third phase, four studies were undertaken to validate the workflow. These studies investigated: 1) application of the workflow to requirements generated through reverse-engineering a low-complexity consumer product; 2) requirements extracted from documents produced by a graduate engineering team during a twelve-week project; 3) the requirement analysis process undertaken by two graduate engineering teams during twelve-week projects; and 4) requirements for a new aircraft engine development programme. The studies showed that the proposed workflow is feasible, practical, and scalable when applied to engineering projects. Requirement rationales were classified into categories, namely product design and use, pre-existing rationale, and project management. In order to fully support requirement traceability, it was found that it is important to make traceable four types of requirement transformations: newly introduced, copied, updated, and deleted requirements. The research demonstrated that the proposed workflow is a successful proof-of-concept and can lead to improved quality of requirement documentation and requirement traceability.Open Acces

Supporting a Multi-formalism Model Driven Development Process with Model Transformation, a TOPCASED implementation

International audienceThe ASSERT (Automated proof based System and Software Engineering for Real-Time Applications) European Integrated Project (IST-FP6-004033, http://www.assert-project.net/) defined and experimented a multi formalism Model Driven Engineering (MDE) process, enforcing an approach with separated specification and refinement of functional and non-functional properties.• Functional specification, design and development is based on UML profiles to support AADL concepts [2] and behavioural specification.• Real time Architecture properties are based on extensions targeting Ravenscar Computing execution Model (RCM see [6]) constraints upon component interface and ports.• Model transformation is supporting correctness preserving rules towards a Virtual Machine execution environment or a verification dedicated environment.A tool chain called IDEA (Integrated Development Environment for ASSERT) supporting the process was developed by the CS ASSERT team on top of the Eclipse/TOPCASED environment allowing:• Integrated use of several formalisms in a development life-cycle (UML, AADL, IF[4]) .• Model transformation from UML to IF, AADL to RCM and RCM to Ada• Automated code generationThe approach experimented allows combined use of best suited formalisms and features for MDE developments. The TOPCASED tool proved to be a unique integrated toolset for prototyping UML and meta models supporting tools.The main feedback gained from applying the notations and approach on small to medium case studies is that UML profiling is not scalable, and that use of several Domain Specific Languages (DSL) seems far more suitable. Semantic clashes can be limited by raising the abstraction level, and by partitioning properties for verification

Ontologies and Methods for Interoperability of Engineering Analysis Models (eams) in an E-Design Environment

ABSTRACT ONTOLOGIES AND METHODS FOR INTEROPERABILITY OF ENGINEERING ANALYSIS MODELS (EAMS) IN AN E-DESIGN ENVIRONMENT SEPTEMBER 2007 NEELIMA KANURI, B.S., BIRLA INSTITUTE OF TECHNOLOGY AND SCIENCES PILANI INDIA M.S., UNIVERSITY OF MASSACHUSETTS AMHERST Directed by: Professor Ian Grosse Interoperability is the ability of two or more systems to exchange and reuse information efficiently. This thesis presents new techniques for interoperating engineering tools using ontologies as the basis for representing, visualizing, reasoning about, and securely exchanging abstract engineering knowledge between software systems. The specific engineering domain that is the primary focus of this report is the modeling knowledge associated with the development of engineering analysis models (EAMs). This abstract modeling knowledge has been used to support integration of analysis and optimization tools in iSIGHT FD , a commercial engineering environment. ANSYS , a commercial FEA tool, has been wrapped as an analysis service available inside of iSIGHT-FD. Engineering analysis modeling (EAM) ontology has been developed and instantiated to form a knowledge base for representing analysis modeling knowledge. The instances of the knowledge base are the analysis models of real world applications. To illustrate how abstract modeling knowledge can be exploited for useful purposes, a cantilever I-Beam design optimization problem has been used as a test bed proof-of-concept application. Two distinct finite element models of the I-beam are available to analyze a given beam design- a beam-element finite element model with potentially lower accuracy but significantly reduced computational costs and a high fidelity, high cost, shell-element finite element model. The goal is to obtain an optimized I-beam design at minimum computational expense. An intelligent KB tool was developed and implemented in FiPER . This tool reasons about the modeling knowledge to intelligently shift between the beam and the shell element models during an optimization process to select the best analysis model for a given optimization design state. In addition to improved interoperability and design optimization, methods are developed and presented that demonstrate the ability to operate on ontological knowledge bases to perform important engineering tasks. One such method is the automatic technical report generation method which converts the modeling knowledge associated with an analysis model to a flat technical report. The second method is a secure knowledge sharing method which allocates permissions to portions of knowledge to control knowledge access and sharing. Both the methods acting together enable recipient specific fine grain controlled knowledge viewing and sharing in an engineering workflow integration environment, such as iSIGHT-FD. These methods together play a very efficient role in reducing the large scale inefficiencies existing in current product design and development cycles due to poor knowledge sharing and reuse between people and software engineering tools. This work is a significant advance in both understanding and application of integration of knowledge in a distributed engineering design framework